Shining some light on the DarkGate loader
Common Information
| Type | Value |
| --- | --- |
| UUID | 3e1afe85-0531-4b13-9bdd-e5b01f3526e4 |
| Fingerprint | 9c3519b8adf78699 |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Aug. 25, 2023, midnight |
| Added to db | Nov. 6, 2023, 8:24 p.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | Telekom Security |
| Title | Shining some light on the DarkGate loader |
| Detected Hints/Tags/Attributes | 88/4/30 |
RSS Feed
| Id | Enabled | Feed title | Url | Added to db |
| --- | --- | --- | --- | --- |
| 127 | | Telekom Security | https://github.security.telekom.com/atom.xml | 2024-08-30 22:08 |
Attributes